<?php
/**
* Author: Porlock
* Link: www.porlockz.com
* Date: 2018-04-22 22:35:18
* Last Modified time: 2018-04-22 22:35:22
*/
if(@$_GET['action'] == 'login'){
require_once ('includes/lib/func_login.php');
if(isset($_SESSION['uid'])){
    msg_display('请勿重复登录','error',$_SESSION['destination']);
}
    echo <<<EOT
<!--登录-->
<link href="/afctf/css/login.css" rel="stylesheet" type="text/css" media="all"/>
<div class="register-form" >
    <div class="first-login">
        <div class="title">
            <h2>选手登录</h2>
        </div>
        <div class="content-body">
            <form action="/afctf/members/login.php?action=deal" method="post">
                <div class="input-wrapper">
                    <input type="text" name="lo_uid" autofocus="autofocus" required="required" placeholder="请输入你的学号" maxlength="10">
                </div>
                <div class="input-wrapper">
                    <input type="password" name="lo_pw" required="required" placeholder="请输入你的密码" maxlength="16">
                </div>
                <div class="checkcode-wrapper input-wrapper">
                    <input type="text" id="checkcode-input" name="lo_verify" required="required" placeholder="请输入验证码" maxlength="5">
                    <img id="checkcode-img" src="/afctf/includes/lib/checkcode.php" onclick="this.src='/afctf/includes/lib/checkcode.php?action=refresh'"/>
                </div>
                <div>
                    <input class="submit" type="submit"  value="登录">
                </div>
            </form>
        </div>
    </div>
</div>
EOT;

}
/**
 *  1.开启会话
 *  2.接收数据，检查是否存在空数据
 *  3.校验学号和密码
 *  4.传输session[id]
 */
elseif (@$_GET['action'] == 'deal'){
    require_once ('../init.php');
    require_once ('includes/lib/func_login.php');
    require_once ('includes/views/jump_header.php');
    //开启会话
    session_start();
    // 接收从表单传来的数据
    $uid       = $_POST['lo_uid'];
    $password = $_POST['lo_pw'];
    $verify = $_POST['lo_verify'];
    // 接收验证码图片的值和用户想要前往的页面url
    $code = $_SESSION['code'];
    // 使用完验证码之后清除
    unset($_SESSION['code']);
    $destination = @$_SESSION['destination'];
    $login_url = '/afctf/index.php?action=login';
    // 如果用户直接点击登录，则在用户登录后导向首页
    if(!isset($destination)){
        $destination = '/afctf/index.php';
    }
    // 检查验证码
    if(strnatcasecmp($verify,$code)){
        msg_display('验证码错误','error',$login_url);
    }
    // 检查是否有空数据
    if(!filled_out($_POST)){
        msg_display('表单不能为空','error',$login_url);
    }
    // 检查学号长度
    if (!check_strlength($uid,10)){
        msg_display('学号长度超出范围','error',$login_url);
    }
    // 检查密码长度
    if (!check_strlength($password,16)){
        msg_display('密码长度超出范围','error',$login_url);
    }
    //校验学号和密码
    $query   = "SELECT `uid`,`salt`,`passwd_hash` FROM `user` WHERE `uid` = :uid";
    $sth     = $dbh->prepare($query);
    $sth -> bindParam(":uid",$uid);
    try {
        $sth -> execute();
    }  catch (Exception $e) {
        msg_display('错误代码222，请联系管理员','error',$login_url);
    }
    $result  = $sth -> fetch();
    //获取数据库查询结果
    $db_uid   = $result['uid'];
    $db_salt = $result['salt'];
    $db_hash = $result['passwd_hash']; 
    //判断密码是否正确
    if(!check_pw($password,$db_salt,$db_hash)){
        msg_display('密码错误','error',$login_url);
    }
    //密码正确跳转至用户目的地
    $_SESSION['uid'] = $uid;
    msg_display('登录成功','success',$destination);
}